So You Shopped at Target After Black Friday: Now What?

There’s been a ton coverage devoted to Target’s massive Black Friday (and beyond) data breach that compromised up to 40 million credit and debit accounts. But if you were one of the many people who shopped there and now worry that your card information might be in the hands of some shadowy cybercrime network, all the discussion about digital security and data protection probably isn’t as important to you as finding out: What do I do now? We rounded up some credit and security experts to tackle some questions. Should I change my PIN since there were reports that encrypted PINs might have been compromised? Yes, says Linda Sherry, director of national priorities for advocacy group Consumer Action. “Changing your PIN will prevent a stolen debit card number from being used to withdraw cash at an ATM,” she says.

Should I ask my bank or credit issuer for a new card number? This might be a better idea, Sherry says, since debit cards can still be used without PINs for purchases, and credit cards don’t require a PIN at all. She advises contacting the card issuer and asking if they think your account would be safer with a new number. You only know whether or not you shopped at Target, but banks have sophisticated tools that help them evaluate fraud risk.

However, if your bank turns down your request for a new debit card number, Sherry says, “I would unlink any savings or high value accounts from your debit card if you are not given a new one.” This doesn’t eliminate your risk but it limits the amount of damage a thief could do if they get ahold of your account information.

Should I get one of those “ID theft protection” or “credit monitoring” subscriptions, since some have started using this incident as an opportunity to market their services? “Anyone using the Target breach as a marketing angle to convince people to buy credit monitoring is either ignorant of how true name fraud works or they’re simply using scare tactics,” says John Ulzheimer, credit expert at CreditSesame.com.

“There is a close to zero chance that thieves could use the information stolen from Target to perpetrate identity theft,” says Brian Krebs, founder of Krebs on Security, the blog that first broke the news of Target’s massive breach. That’s because credit card fraud — far more common and easy for crooks to pull off — and full-scale identity theft — when someone pretends to be you and opens up lines of credit in your name — are two different animals.

Target isn’t doing much to help correct this misconception with its offer of free credit monitoring for affected customers. “The reason Target is offering ID theft protection as a result of this breach is that this step has become part of the playbook for companies that suffer a data breach,” Krebs says. “Since most consumers conflate credit card fraud with ID theft, many will interpret that to mean that the breached entity is somehow addressing the problem.” In other words, it’s a feel-good marketing move that doesn’t really help the situation.

Should I freeze my credit? You probably don’t need to, the experts say. A credit free will prevent identity theft — that is, credit accounts being created in your name without your knowledge or permission — but it won’t stop somebody from going on a shopping spree with an illegally-procured card number.

What if I used a prepaid debit card? “If you use your prepaid debit card for ongoing purchases, meaning you have funds loaded on the card by an employer or through a
third party like Western Union, I’d most certainly get a replacement card,” Ulzheimer says. Unfortunately, this will probably cost you a few bucks for a new card, plus the hassle factor of transferring your funds and switching over any direct deposits, but it’s a good precautionary measure, according to the experts. “It’s well worth the peace of mind knowing the card’s value can’t be siphoned away,” Ulzheimer says.